DTISI Certification Pathway:
Detecting and Handling IT Security Incidents
Reference: DTISI
Duration: 23 days (161 hours)
Cost: 14 490 € (excluding VAT)
Our in-company training courses are customised, flexible and tailored to the specific needs of your team.
This certification training program lasts 23 days (161 hours) over approximately 4 months. The DTISI pathway prepares participants to identify, analyze, and manage incidents within a SOC or CERT. The program combines in-depth theory, immersive practical exercises, and crisis management simulations, validated through a final role-play and an oral defense before a panel.
TARGET AUDIENCE
SOC analysts, security technicians, incident management experts, CERT team coordinators.
OBJECTIVES
- Master the fundamental concepts and stakeholders in cybersecurity.
- Identify and analyze attack vectors, techniques, and scenarios.
- Effectively use SIEM tools as well as SOC analysis and detection methods.
- Manage incidents with structured processes in compliance with standards (ISO 27035).
- Participate in crisis management and team awareness initiatives.
PREREQUISITES
- General IT knowledge and cybersecurity fundamentals (concepts of attacks, vectors, risks).
- Knowledge of the ANSSI security guide or completion of an equivalent training module (e.g., the ANSSI SecNumacadémie MOOC) is recommended but not mandatory.
- A personal computer with internet access and the ability to run advanced cybersecurity tools (SIEM, forensic tools).
- Familiarity with networks and system environments, along with skills in analysis and synthesis to process complex security log data.
- Willingness to actively participate in practical workshops and incident simulations to validate skills.
DETAILED PROGRAM
The pathway is organized around 7 major modules, covering theory, practice, and real-world cases.
Module 1: Fundamentals of System and Network Security
Duration: 2 days – 14 hours
Objectives: Enable participants to master key cybersecurity concepts, identify risks and attack vectors, and understand the applicable regulatory framework.
Contents:
- Identification of the cyber ecosystem: actors, cybercrime chain, attacker profiles and motivations.
- Fundamental concepts: risks, organizational impacts, affected information systems.
- Types of attacks: ransomware, phishing, denial of service, social engineering, compromised passwords.
- Main vectors: email, web browsing, wireless connections, malware.
- Regulatory framework: ISO 27001 and ISO 27005 standards, GDPR.
- Security references: OWASP Top 10, STRIDE.
- Practical exercises: identifying attack vectors on a simulated architecture, categorizing incidents by criticality, validation quizzes.
Module 2: State of the Art of the SOC
Duration: 4 days – 28 hours
Objectives: Train participants in SOC knowledge, its tools and methods, particularly SIEM, as well as the main incident management frameworks.
Contents:
- Definition, role, and organization of a SOC.
- Overview of functions: monitoring, analysis, incident response.
- Introduction to SIEM tools (Elastic Stack, Splunk), their architecture and features.
- Presentation and demonstration of IDS/IPS.
- ANSSI recommendations on logging.
- Incident response frameworks: NIST, CERT, ISO 27035.
- Practical exercises: SIEM installation and configuration, log analysis, correlation rule creation, case study (real-time phishing).
Module 3: Incident Management
Duration: 10 days – 70 hours
Objectives: Learn to deploy and manage the complete security incident management process, from initial detection to remediation.
Contents:
- Principles and roles of IDS, IPS, UTM.
- Incident classification by criticality, functioning of incident databases.
- Response phases: detection, categorization, containment, eradication, recovery.
- Forensic analysis methods and tools (Kansa, GRR).
- Procedures and tools to handle minor and major incidents.
- Practical exercises: full simulations, report writing, root cause analysis.
Module 4: Fundamentals of Digital Forensics
Duration: 1 day – 7 hours
Objectives: Acquire the fundamentals of digital investigation: evidence preservation, collection, analysis, and reporting.
Contents:
- Digital investigation process, definition and role of evidence.
- Forensic taxonomy and methodologies.
- Collaboration with internal and external actors (ANSSI, law enforcement).
- Practical exercises: evidence collection, preservation and analysis, forensic report writing.
Module 5: Cybersecurity Crisis Management
Duration: 3 days – 21 hours
Objectives: Structure, lead, and train organizational response in a cyber crisis, from activation to feedback (RETEX).
Contents:
- Crisis cell: roles, escalation, coordination.
- BCP/DRP: scope, dependencies, activation, action synchronization.
- Communication: messages, channels, dashboards.
- Practical exercises: crisis cell setup, ransomware exercise, message kit, RETEX.
Module 6: Team Awareness and Continuous Improvement
Duration: 2 days – 14 hours
Objectives: Design, deploy, and measure awareness actions to sustainably strengthen cybersecurity posture.
Contents:
- Key topics and materials: phishing, passwords, remote work.
- Facilitation methods and managerial support.
- KPIs and awareness dashboards.
- Practical exercises: mini-campaign, dashboard creation, and improvement plan.
Module 7: Cybersecurity Monitoring
Duration: 1 day – 7 hours
Objectives: Learn to implement effective operational monitoring to anticipate threats and adapt security measures.
Contents:
- Monitoring sources: ANSSI, CERT-FR, OSINT, CVE.
- Methods for analyzing and exploiting alerts.
- Writing and communicating recommendations.
- Practical exercises: setting up monitoring processes, analyzing results, formulating continuous improvement plans.
LEARNING ASSESSMENT
- Skills validated through a final role-play, followed by an oral defense before a panel.
- Regular evaluations with quizzes and self-tests integrated into the modules.
- In-depth practical exercises using SOC tools (Splunk and Elastic Stack SIEMs), forensic tools (Kansa, GRR, Autopsy), and incident simulations (phishing, ransomware).
- Deliverables: analysis reports, incident classification, forensic documentation, and remediation plans.
- Labs include advanced configuration and customization of detection tools, as well as coordinated management of complex incidents.
- Evaluated skills include mastery of ISO 27035, NIST CSF standards, SOC and CERT processes, and in-depth log analysis.
TEACHING METHODS
- Theoretical courses enriched with real-world case studies and feedback.
- Practical exercises with SOC tools, log investigations, and incident simulations.
- Role-plays and oral defenses to validate operational skills.
KEY STRENGTHS
- PASSI certified trainers, SOC and forensic experts.
- Hands-on experience with leading professional tools (SIEM, Elastic, Splunk).
- Pragmatic approach with simulations and real-world scenarios.
- Alignment with ANSSI, ISO 27035, and NIST recommendations.
- This program is eligible for OPCO Atlas funding.

This program qualifies for OPCO Atlas funding as part of the CampusAtlas offering, recognized and funded up to 100%, with simplified procedures, a quality guarantee, and tailored support provided to member companies.